Re: [PATCH] del_timer() vs. mod_timer() SMP race

From: Benjamin Herrenschmidt
Date: Sun Nov 21 2004 - 22:06:55 EST

Next message: Philippe Troin: "APM suspend/resume ceased to work with 2.4.28"
Previous message: Antonino A. Daplas: "Re: [Linux-fbdev-devel] [2.6 patch] pm3fb: remove kernel 2.2 code (fwd)"
In reply to: Andrew Morton: "Re: [PATCH] del_timer() vs. mod_timer() SMP race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2004-11-21 at 18:54 -0800, Andrew Morton wrote:
> Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx> wrote:
> >
> > --- linux-work.orig/kernel/timer.c 2004-11-22 11:50:59.000000000 +1100
> > +++ linux-work/kernel/timer.c 2004-11-22 13:35:38.928448032 +1100
> > @@ -308,6 +308,7 @@
> > goto repeat;
> > }
> > list_del(&timer->entry);
> > + smp_wmb();
>
> Pretty please, always add a comment when putting an open-coded barrier into
> the kernel. Otherwise people cannot tell why it is there.

Ok, I also added the comment to the "other" smp_wmb() which was already there just in case...

It is mandatory that this timer->base = NULL is visible to other CPUs only after
the list_del() is complete. If not, then mod timer could see it NULL, thus take it's
own CPU list lock and not the one for the CPU the timer was beeing removed from the
list, and thus the list_add in mod_timer() could race with the list_del() from
run_timers() or del_timer().

Signed-off-by: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>

Index: linux-work/kernel/timer.c
===================================================================
--- linux-work.orig/kernel/timer.c 2004-11-22 11:50:59.000000000 +1100
+++ linux-work/kernel/timer.c 2004-11-22 14:01:05.537368200 +1100
@@ -308,6 +308,10 @@
goto repeat;
}
list_del(&timer->entry);
+ smp_wmb(); /* the list del must have taken effect before timer->base
+ * change is visible to other CPUs, or a concurrent mod_timer
+ * would cause a race with list_add
+ */
timer->base = NULL;
spin_unlock_irqrestore(&base->lock, flags);

@@ -460,7 +464,10 @@

list_del(&timer->entry);
set_running_timer(base, timer);
- smp_wmb();
+ smp_wmb(); /* the list del must have taken effect before timer->base
+ * change is visible to other CPUs, or a concurrent mod_timer
+ * would cause a race with list_add
+ */
timer->base = NULL;
spin_unlock_irq(&base->lock);
fn(data);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Philippe Troin: "APM suspend/resume ceased to work with 2.4.28"
Previous message: Antonino A. Daplas: "Re: [Linux-fbdev-devel] [2.6 patch] pm3fb: remove kernel 2.2 code (fwd)"
In reply to: Andrew Morton: "Re: [PATCH] del_timer() vs. mod_timer() SMP race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]